CVE-2010-2092

EPSS 0.14%

cacti - SQL injection

Published: 5/27/2010Modified: 5/27/2026

Description

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.

Affected packages (2)

Debian/cactifrom 0, < 0.8.7e-4
Debian/cactifrom 0, < 0.8.7b-2.1+lenny3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2092